Individual vs Family Plan [vs Dropbox]
Putting this question here but it's really a bunch of questions about family and individual plans vs the stand alone app with DropBox sync method…I'm trying to get my wife to upgrade from the standalone Password Wallet application on her iPhone and join me on 1Password. Our situation is I use 1PW on iOS and Macos using latest OS versions and app versions and DropBox sync. All of my logins as well as the 'family' oriented logins are in 1PW. She uses Password Wallet on iOS only for her logins, a few of the family logins, and also has my 1PW password so that she can get into my devices if necessary. I'm trying to decide whether just using 1PW with DropBox sync and having hers/his/ours vaults is the right answer…or whether either an individual plan for myself with sharing my password with her for access is better…or whether a family plan is better (all of this is assuming I can convince her to change at all from Password Wallet…she hates change. We only care about iOS and Macos at this point in our lives…Android and Windows are not in our plans. What we need is his/hers/our data vaults with all 3 being accessible to both of us.
Ok, here's the questions I have…I've reviewed the security white paper that Dave referenced on the blog as well as the features/prices/plans/etc and haven't figured these answers yet.
- Is just giving her my password on an individual plan the only way to share vaults in an individual plan? It looks like it is from the features of individual/family comparison page. I could share of course…and after 40 years we obviously trust each other…but doing it that way with an individual plan seems wrong.
- With either a family or individual plan…what happens with simultaneous access from multiple devices…if two different devices change the same login which one gets eventually synced and updated to all devices? I'm guessing the last one but it's not clear.
- Same question as above…but is there a different answer if one or both devices are offline when they make the change. We live in an RV full time and spend a lot of time out in the woods and our iPhones, iPads, and Macs have intermittent connectivity. DropBox has always worked to sync my 3 iOS devices and 2 Macs as connectivity comes and goes…I assume that family/individual plans would as well.
- If devices are online…what causes them to sync changes made on a device to upload…and what causes a check/download for updated data from another device? Do I need to launch the app to get a sync…or do they periodically check on their own for both connectivity and updated data? Is this answer different as connectivity comes and goes due to the RV lifestyle?
- Other than a family plan or just giving her my individual account password and account key…is there a way to share vaults from an individual plan?
- Servers…I see they database is hosted on an Amazon server…what would happen to data if for some reason Agile went away…would the servers still be there for sync…or would we be reduced to just using the locally cached copy of the data?
- Do all enrolled devices keep a full local copy of individual/family vaults they're connected with so that in the permanent or temporary absence of the server sync connection each device would still have data? Am I correct that if the servers were permanently gone or Agile was gone that I could just revert to using DropBox for sync and copy the data from the local copy of an individual/family vault over to a DropBox synced vault and continue along? If Agile disappeared permanently we would most likely choose a new solution…while I'm not plotting your demise knowing there is an exit plan if needed is a must.
- I can backup DropBox synced vaults…but after creating a trial individual account I don't see any to do a local, user controlled backup of the vault from the desktop application. How do I as the user ensure that I have backup copies of my vaults that are stored in an individual/family account. Sure…Agile going away is unlikely and Amazon going away even more unlikely…but I need to be able to have my own backup copies of the data files. Does this mean I should not use individual/family and just continue with the apps using DropBox sync as I currently do? Not having my own backups would be a deal breaker for using the individual/family plan. I could of course just periodically copy the contents of the family/individual vault to a DropBox vault or another local storage vault…but backups need to be automatic and not depend on user action.
- Using the web console…I'm forced to enter both password and account key to login. Obviously my personal laptop remembers the account key but if I'm at a friend/internet cafe…and have to input both to get logged into the web console…this means that I need to remember both the password (long but memorable) and the completely unrememberable account key as well, right?
- If using a friend/internet cafe computer…what precautions prevent them from getting the password or account key later using keystroke loggers, cached copies of the information, etc?
- On the trial individual account I setup…there's the default Personal vault and I created another couple of vaults with names that I want to use…but don't see any way to either delete or rename the Personal vault to something useful. Is this possible…or do I just have to keep Personal on my vault list and ignore it? If it's the latter…then it should be able to be deleted after a user makes their own vault(s) with a personalized naming scheme rather than just having to ignore it.
Thanks…sorry it's a lot of questions but I need to fully understand the 'new way' and how it works before abandoning the 'way we've always done it'.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @neil_laubenthal,
Thanks for taking the time to contact us. I'm going to work through each of your questions one by one in the hopes that I don't miss anything. But please do let me know if I come up short or if you have any additional questions. :)
The short answer is that I think 1Password Families is designed exactly for folks in situations like you and your wife. Each person has their own Master Password (and Account Key), so you don't need to know the other person's. (However, if you are both designated as family organizers, you can perform account recovery in case the other person forgets their Master Password or loses their Account Key. This is all done without you ever knowing the other person's Master Password or Account Key.)
You each have your own Personal vault that is accessible only to you. There is also a Shared vault available to everyone in the family account. The Shared vault is the only one my wife and I use to share items, but when we have kids old enough to use 1Password, we'll likely create a "parents" vault and move our items to that vault. Then we can use the Shared vault for things we want our whole family to have access to — including our kids.
Is just giving her my password on an individual plan the only way to share vaults in an individual plan? It looks like it is from the features of individual/family comparison page. I could share of course…and after 40 years we obviously trust each other…but doing it that way with an individual plan seems wrong.
You understand it correctly. I think what I wrote above should help explain why a family account is designed to better accommodate multiple people.
With either a family or individual plan…what happens with simultaneous access from multiple devices…if two different devices change the same login which one gets eventually synced and updated to all devices? I'm guessing the last one but it's not clear.
Changes are made essentially instantly, so this should be quite rare. Presuming you are connected to the Internet so the change can go through on the spot, you would have to act very quickly to even come close to creating a conflict. However, even if you are using 1Password offline, conflicts are handled automatically. But you can always restore a previous version of an item.
Same question as above…but is there a different answer if one or both devices are offline when they make the change. We live in an RV full time and spend a lot of time out in the woods and our iPhones, iPads, and Macs have intermittent connectivity. DropBox has always worked to sync my 3 iOS devices and 2 Macs as connectivity comes and goes…I assume that family/individual plans would as well.
Ah. Looks like I anticipated your follow up already. :)
If you have been fine syncing with Dropbox, a 1Password account will be as good or better in that regard.
If devices are online…what causes them to sync changes made on a device to upload…and what causes a check/download for updated data from another device? Do I need to launch the app to get a sync…or do they periodically check on their own for both connectivity and updated data? Is this answer different as connectivity comes and goes due to the RV lifestyle?
With a 1Password account, it's not syncing per se. If you're connected, the changes are made directly on the server. The local cache is secondary to the data on the server. This is essentially the opposite of syncing with Dropbox where the local copy takes precedence and then it is synced to the server.
Really, the best thing you could do to assuage any concerns you may have is to start the free trial and see it in action. Really kick the tires. Cut off your Internet connection (or just let it go offline in the course of your normal everyday travels). See how it works, so you can become comfortable with it. This is one of those things that can often be talked to death in the abstract, but once you use it you'll see that everything Just Works™. :)
https://1password.com/sign-up/
Other than a family plan or just giving her my individual account password and account key…is there a way to share vaults from an individual plan?
No. A vault in a 1Password account can't be accessed without signing in to an account that has access to that vault.
Servers…I see they database is hosted on an Amazon server…what would happen to data if for some reason Agile went away…would the servers still be there for sync…or would we be reduced to just using the locally cached copy of the data?
If every one of us at Agilebits were abducted by aliens, it would probably take a little while before the servers started to shut down due to the bills not being paid. But you would absolutely have the local cache of your data on your own machines, just like you do when you use 1Password while offline today (and we haven't been abducted by aliens).
Do all enrolled devices keep a full local copy of individual/family vaults they're connected with so that in the permanent or temporary absence of the server sync connection each device would still have data?
Yep.
Am I correct that if the servers were permanently gone or Agile was gone that I could just revert to using DropBox for sync and copy the data from the local copy of an individual/family vault over to a DropBox synced vault and continue along?
Yep.
If Agile disappeared permanently we would most likely choose a new solution…while I'm not plotting your demise knowing there is an exit plan if needed is a must.
Absolutely. Data availability is a very important aspect of security.
I can backup DropBox synced vaults…but after creating a trial individual account I don't see any to do a local, user controlled backup of the vault from the desktop application. How do I as the user ensure that I have backup copies of my vaults that are stored in an individual/family account. Sure…Agile going away is unlikely and Amazon going away even more unlikely…but I need to be able to have my own backup copies of the data files. Does this mean I should not use individual/family and just continue with the apps using DropBox sync as I currently do? Not having my own backups would be a deal breaker for using the individual/family plan. I could of course just periodically copy the contents of the family/individual vault to a DropBox vault or another local storage vault…but backups need to be automatic and not depend on user action.
Ah! So you did already create a 1Password account. That's great. :)
All the backup solutions I know of (e.g. Time Machine, SuperDuper, Crashplan, etc.) all back up your home folder by default. And the local cache of your 1Password data is stored in the Library folder inside your home folder. So unless you explicit exclude it, it should be backed up along with the rest of your data when you are using any backup solution.
0 -
Using the web console…I'm forced to enter both password and account key to login. Obviously my personal laptop remembers the account key but if I'm at a friend/internet cafe…and have to input both to get logged into the web console…this means that I need to remember both the password (long but memorable) and the completely unrememberable account key as well, right?
We don't recommend signing in to your 1Password account on an untrusted machine, like one at an Internet cafe. This is true for any account or service, though. You simply don't know what sorts of keyloggers or other malware are installed on the machine.
If you do need to sign in to your 1Password account on new trusted machines, though, you could carry a copy of your Emergency Kit on a USB flash drive so you can copy and paste the Account Key. The Account Key is definitely not something you are expected to commit to memory. Worst case scenario, put a hard copy of it in your wallet and type it out on those rare occasions when you would need to.
YMMV, but in my own experience, even if I don't have my MacBook with me — or even my iPad — I always have my iPhone. I just use 1Password on there, since it is a trusted device.
If using a friend/internet cafe computer…what precautions prevent them from getting the password or account key later using keystroke loggers, cached copies of the information, etc?
We have a blog post that explains some of the precautions that we take, but the truth is that (1) the best protections we can put in place are in the native apps not in a browser and (2) even those protections have limited utility if the machine is compromised.
Learn more about 1Password’s defenses against keystroke loggers. From the post:
"1Password … cannot provide complete protection against a compromised operating system. There is a saying (for which I cannot find a source), 'Once an attacker has broken into your computer [and obtained root privileges], it is no longer your computer.' So in principle, there is nothing that 1Password can do to protect you if your computer is compromised."
On the trial individual account I setup…there's the default Personal vault and I created another couple of vaults with names that I want to use…but don't see any way to either delete or rename the Personal vault to something useful. Is this possible…or do I just have to keep Personal on my vault list and ignore it? If it's the latter…then it should be able to be deleted after a user makes their own vault(s) with a personalized naming scheme rather than just having to ignore it.
The Personal vault is immutable. It cannot be deleted or renamed. It's like the home screen on an iOS device. Everything starts there, and if we can't rely on it existing, it makes it exponentially harder to help folks who aren't as savvy as yourself. People accidentally delete things all the time, and we need to make sure there is a base level "1Password" that folks can't alter. We want to provide a lot of functionality, but we don't want to give users rope to hang themselves with.
One thing you can do, if you like, is exclude the Personal (or any other) vault(s) from All Vaults in 1Password on your Mac and on iOS. On your Mac, choose 1Password > Preferences > All Vaults and turn off the vaults you don't want to see in the consolidated All Vaults view.
Thanks…sorry it's a lot of questions but I need to fully understand the 'new way' and how it works before abandoning the 'way we've always done it'.
One thing that I think it important to mention, though, is that — I'm sure you know — not everyone loves all this technical stuff as much as we do. I certainly don't mean to imply anything by this — for all I know, your wife is a lead developer at Google or Apple. However, you may find it easier to get her onboard if the barrier to entry is lower. (I find that's true no matter how tech savvy someone is, though.) ;)
The ability to share vaults via Dropbox is not going anywhere, but 1Password Families is much, much more than just another way to share vaults. Here are some of the things you can do with 1Password Families that aren’t possible otherwise:
- Share and sync without the need of a third-party sync service. Setting up syncing with Dropbox can be confusing for some folks. With 1Password Families, you sign in and all your data is there.
- New vaults automatically show up for family members. When you create a new vault, you can add people to it automatically. They don’t need to do anything to see it and begin using it on their end.
- Set permissions for each family member on each vault. Some passwords can be set to read-only, for example.
- Recover accounts if your family members forget their Master Passwords. This is a huge one. We have always prided ourselves on our security model which has no back door. While we still can’t recover anyone’s accounts, you can now recover accounts for your family.
- View, edit, and add items from any browser. The 1Password Families web app means you always have access to your data even if you are away from your main devices (but still using a trusted one).
My own wife and I didn't have a shared vault until a family account made it drop dead simple for her.
If we can be of further assistance, please let us know. We are always here to help!
0 -
Thanks Khad…I'll digest all of this and see if I have any more questions. Will check back here and let you know in a day or three if I do.
0 -
Sounds good to me. Enjoy the rest of your weekend! :) :+1:
0